Should we have an NPM package?

[andreivladbrg]

Should we also publish NPM packages and GitHub releases for this repo or installing it via commit should be fine?

"@sablier/solidity-utils": "github:sablier-labs/solidity-utils#main"

IMO, if integrators have no issues installing the @sablier/lockup package (or any other of our protocols that depend on this), we don't need to, since the purpose of this repo is to simply centralize repetitive logic across all our contract repos.
Up to see

cc @sablier-labs/solidity

[smol-ninja]

I'd say yes we should publish npm package, for two reasons:

1. External projects may be interested into using this repo since it contains very generic implementations (except SablierFees for which please see Remove `SablierFees` from this repo #4)

2. There will rarely be another release as these implementations will hardly require any new updates. So it wont add any additional maintenance cost for us.

[andreivladbrg]

• External projects may be interested into using this repo since it contains very generic implementations (except SablierFees for which please see Remove SablierFees from this repo #4)

as said there, i believe this isn't the purpose of this repo

There will rarely be another release as these implementations will hardly require any new updates. So it wont add any additional maintenance cost for us.

fair point about this

[PaulRBerg]

Yes we should absolutely publish this to NPM because of security reasons.

NPM packages are unchangeable once they are deployed and used by at least a few users (NPM doesn't allow changes).

GitHub repos can be overridden and mistakes can be introduced.

[andreivladbrg]

fair enough